TripleM
TripleM is a ransomware trojan that appears to be a variant of the MMM Ransomware, a similar trojan that was reported before TripleM appeared.

Payload

A file encrypted by TripleM is easy to recognize: the extension '.MMM' is appended to the end of its name. TripleM targets user-generated files such as images, video, audio, text, and numerous document formats. It uses AES encryption to make the victim's files unrecoverable, holding them hostage so that the victim can only get them back by paying the demanded ransom. Examples of the file types that may be compromised by threats like the TripleM Ransomware include:

.3dm, .3g2, .3gp, .7zip, .aaf, .accdb, .aep, .aepx, .aet, .ai, .aif, .as, .as3, .asf, .asp, .asx, .avi, .bmp, .c, .class, .cpp, .cs, .csv, .dat, .db, .dbf, .doc, .docb, .docm, .docx, .dot, .dotm, .dotx, .dwg, .dxf, .efx, .eps, .fla, .flv, .gif, .h, .idml, .iff, .indb, .indd, .indl, .indt, .inx, .jar, .java, .jpeg, .jpg, .js, .m3u, .m3u8, .m4u, .max, .mdb, .mid, .mkv, .mov, .mp3, .mp4, .mpa, .mpeg, .mpg, .msg, .pdb, .pdf, .php, .plb, .pmd, .png, .pot, .potm, .potx, .ppam, .ppj, .pps, .ppsm, .ppsx, .ppt, .pptm, .pptx, .prel, .prproj, .ps, .psd, .py, .ra, .rar, .raw, .rb, .rtf, .sdf, .sdf, .ses, .sldm, .sldx, .sql, .svg, .swf, .tif, .txt, .vcf, .vob, .wav, .wma, .wmv, .wpd, .wps, .xla, .xlam, .xll, .xlm, .xls, .xlsb, .xlsm, .xlsx, .xlt, .xltm, .xltx, .xlw, .xml, .xqx, .xqx, .zip.

TripleM delivers its ransom note as an HTML file dropped on the infected computer's desktop. The note, named 'GET_YOUR_FILES_BACK.html', reads as follows:

Triple (MMM) Ransomware v1
NOT YOUR LANGUAGE? Use Google Translate

What happened to your files?
All of your files were encrypted by a strong encryption with RSA2048

How did this happen?
Specially for your PC was generated personal RSA2048 Key, both public and private.
ALL YOUR FILES were encrypted with the public key, which has been transferred to your PC via the Internet.
Decrypting of your files is only possible with the help of the private key and decrypt program, which is on our Server

What do I do?
So, there are two ways you can choose: wait for a miracle and get your price doubled, or start obtaining BITCOIN NOW and restore your data easy way.
If you have really valuable data, your better not waste your time, because there is no other way to get your files, except payment.

Your personal ID: CHARACTERS
Your personal wallet adress: 1MMMSA9WJvM7BjhEqy4cQ4gjUXgKKTJcK3
Your price start from 0,45 BTC, after 10 days he is 0,9 BTC, after 15 day he is 2 BTC. 20 day and your secret key has been deleted.

Instruction:
1) Buy Bitcoin on btc exchange sites (Paxful.com, gemini.com, Coinbase,Localbitcoins, Coinmama and another). For buy Bitcoin you need confirm your Identify. Or buy Bitcoin instantly in your City https://coinatmradar.com/country/226/bitcoin-atm-united-states/
2) send Bitcoins to 1MMMSA9WJvM7BjhEqy4cQ4gjUXgKKTJcK3
3) Write us to email triplem@tuta.io
4) After we confirm payment - we send you decryption software and Private Key for decrypt your files.

See Also
* MMM
* MMM Reborn
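
The indicators given in the Payload section (the appended '.MMM' extension, the note file name and the note text) can be turned into a host triage scan. The following is an added example, not part of the original page: the function names, the shortened extension subset and the sample tree are assumptions made for illustration.

```python
import os

# Indicators taken from the page: appended extension, note file name, note text.
ENCRYPTED_EXT = ".mmm"
NOTE_NAME = "get_your_files_back.html"
NOTE_MARKERS = ("Triple (MMM) Ransomware", "triplem@tuta.io")
# A few of the targeted extensions listed on the page (subset chosen for brevity).
TARGETED = {".doc", ".docx", ".xls", ".xlsx", ".pdf", ".jpg", ".png", ".txt", ".zip", ".sql"}


def triage(root):
    """Walk root and sort files matching the TripleM indicators into three lists."""
    report = {"notes": [], "renamed": [], "other_mmm": []}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            lower = name.lower()
            if lower == NOTE_NAME:
                # Confirm by content so an unrelated file of the same name is not counted.
                try:
                    with open(path, "r", errors="replace") as fh:
                        head = fh.read(65536)
                except OSError:
                    continue  # unreadable file: skip rather than abort the scan
                if any(marker in head for marker in NOTE_MARKERS):
                    report["notes"].append(path)
            elif lower.endswith(ENCRYPTED_EXT):
                # 'budget.xlsx.MMM' -> inner extension '.xlsx'
                inner = os.path.splitext(lower[: -len(ENCRYPTED_EXT)])[1]
                # A bare '.MMM' file with no targeted inner extension is set aside for review.
                key = "renamed" if inner in TARGETED else "other_mmm"
                report[key].append(path)
    return report


def build_sample(root):
    """Create a constructed sample tree (not real victim data) to try the scan offline."""
    samples = {
        "Desktop/GET_YOUR_FILES_BACK.html": "<h1>Triple (MMM) Ransomware v1</h1>",
        "Documents/GET_YOUR_FILES_BACK.html": "<p>unrelated page</p>",  # decoy, no markers
        "Documents/budget.xlsx.MMM": "x",
        "Documents/photo.jpg.MMM": "x",
        "Documents/notes.txt": "untouched",
        "Documents/track.MMM": "x",
    }
    for rel, body in samples.items():
        full = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w") as fh:
            fh.write(body)
```

A confirmed note together with a non-empty `renamed` list is the strong signal; entries in `other_mmm` alone need manual review before being treated as encrypted files.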